Microsoft Security compliance toolkit / Windows hardening / GPO settings

Microsoft security compliance toolkit: Il remplace Security Compliance Manager. Cet outil permet de planifier, créer, et monitorer des baselines de sécurité pour vos postes clients. Le remplacement a été choisi par Microsoft du fait de la complexité de SCM et de la difficulté à maintenir l’outil pour chaque version de Windows. Aujourd’hui, SCT ne supporteContinue reading “Microsoft Security compliance toolkit / Windows hardening / GPO settings”

Office 365 – how to re-assign a mailbox on hybrid Exchange online

Re-assigning a EXO mailbox to someone else will be a permanent action. Else you can just grant access an existing mailbox to someone else (will require adhoc process with your support team to also get an approval from a manager). Some articles: https://docs.microsoft.com/en-us/microsoft-365/admin/add-users/get-access-to-and-back-up-a-former-user-s-data?view=o365-worldwide https://www.e-apostolidis.gr/microsoft/office-365/how-to-disconnect-a-mailbox-re-assign-it-to-new-user-in-a-hybrid-scenario/ How to assign mailbox to a different user with Exchange Online

msExchRecipientTypeDetails

Integrating an on-premise Active Directory and Exchange organization with Microsoft Cloud Services will require attention to new elements and details. As an example the list of object attributes in the on-premises Active Directory schema differs from the attributes in the Azure and Office 365 services directory platforms. An example is three critical values that areContinue reading “msExchRecipientTypeDetails”

Exchange/EXO/Outlook performance and troubleshooting

Troubleshooting Logs and Tools https://blogs.technet.microsoft.com/exchange/2016/05/31/checklist-for-troubleshooting-outlook-connectivity-in-exchange-2013-and-2016-on-premises/ SaRA tool to assess OUTLOOK client: https://diagnostics.outlook.com/#/ Also on CTRL + right click on OUTLOOK icon on the system tray! to get the connection status Test connectivity from outside using: https://testconnectivity.microsoft.com/ Also check potential source of problems: Check ADFS policies Check set-CASmailbox – (post authentication) ; if POP or imapContinue reading “Exchange/EXO/Outlook performance and troubleshooting”

AADConnect and disabled AD user accounts

By default Azure AD connect will synchronize disabled accounts from AD to AAD. It is normal and is it recommended due to Exchange hybrid and EXO requirements.   It is possible to create a custom rule on AD Sync rules editor to not synchronize disabled AD accounts: https://spanougakis.wordpress.com/2016/02/28/how-to-stop-disabled-user-accounts-from-syncing-with-azure-ad-connect/  

Office 365 : sipAddress vs msRTCSIP-PrimaryUserAddress

As we prepare for the migration from on-premises Skype for Business to Skype for Business Online, there are a few important considerations to bear in mind before you take the leap. I will be covering these in a series of posts (hopefully), today I want to share with you a common scenario we will faceContinue reading “Office 365 : sipAddress vs msRTCSIP-PrimaryUserAddress”

Security: Exchange: two major security threats

https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/ and https://mspoweruser.com/massive-vulnerability-means-lost-email-password-can-lead-to-hacked-microsoft-exchange-server-worse/   Explanations: https://adsecurity.org/?p=4119   Microsoft recommendations: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190007 and https://blogs.technet.microsoft.com/exchange/2019/02/12/released-february-2019-quarterly-exchange-updates/  

Exchange and EXO – Enable Audit mailbox

Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing Scripts: https://github.com/O365AES/Scripts To get status: Get-Mailbox “office365user”| FL Audit* AuditEnabled : True AuditLogAgeLimit : 90.00:00:00 AuditAdmin : {Update, Copy, Move, MoveToDeletedItems…} AuditDelegate : {Update, Move, MoveToDeletedItems, SoftDelete…} AuditOwner : {}   To setup mailbox audit logging for all user mailboxes in your organization: Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq “UserMailbox”} | Set-Mailbox -AuditEnabledContinue reading “Exchange and EXO – Enable Audit mailbox”

Exchange resources and installation tips

Main portal: http://technet.microsoft.com/en-us/exchange/fp179701 Main Technet how-to: http://technet.microsoft.com/en-us/library/bb124558%28v=exchg.150%29.aspx MS technet blog for Exchange: http://blogs.technet.com/b/exchange/ Tony Redmond blog: http://windowsitpro.com/blog/tony-redmonds-exchange-unwashed-blog msexchange.org: http://www.msexchange.org/ Tips and Tricks: Tip: In Exchange Server 2016 the architecture was simplified when compared with previous versions, and nowadays we have only two roles: Mailbox and Edge. Where the Mailbox is the role that is locatedContinue reading “Exchange resources and installation tips”